Data Acquisition and Duplication Tools: Software
This article explains the different types of software used for data acquisition and duplication.
EnCase Forensic
Source: https://www.guidancesoftware.com
EnCase is a popular multi-purpose forensic platform that includes many useful tools to support several areas of the digital forensic process. This tool can collect a lot of data from many devices and extract potential evidence. It also generates an evidence report.
EnCase Forensic can help investigators acquire large amounts of evidence as fast as possible, from laptops and desktop computers to mobile devices. Data is acquired directly into EnCase Forensic, and the results are integrated into the case.
This tool makes it possible to search the several thousand files that exist on a system with a variety of search choices, such as:
- GREP
- Conditional
- Boolean
- Word searches
The integrity of evidence has to be maintained in a format that the courts trust.
Discussed below are a few data acquisition and duplication software tools that can be used to acquire and create duplicate copies of the suspect system's data:
1. DriveSpy
Source: https://www.digitalintelligence.com
DriveSpy allows forensic examiners to direct information from one sector range to another. It creates direct disk-to-disk forensic duplicates, processes duplicate drives of both physical drive geometry and sector translation, processes large hard drives, hard drives without partitions, slack space, unallocated space etc.
2. ProDiscover Forensics
Source: http://www.arcgroupny.com
ProDiscover Forensic is a computer security tool that allows investigators to locate the data on a computer disk and protect the evidence. It also creates useful evidentiary reports for the case. This tool enables searching the entire disk for keywords, regular expressions, and phrases, with Boolean search ability to find the relevant data. Using ProDiscover Forensic, examiners can analyze files without changing useful metadata such as the last-accessed time. ProDiscover Forensic also allows one to recover deleted files, review slack space, access Windows Alternate Data Streams, and preview, search, and capture an image of the Hardware Protected Area (HPA) of the disk.
3. Data Acquisition Toolbox
Source: http://in.mathwork.com
Data Acquisition Toolbox allows connecting MATLAB to data acquisition hardware. It supports various DAQ hardware provided by National Instruments and other vendors, such as USB, PCI, PCI Express, PXI and PXI-Express devices.
This toolbox configures data acquisition hardware and reads data into MATLAB for quick analysis. Using this toolbox data can also be sent over analog and digital output channels provided by data acquisition hardware. The data acquisition software of the toolbox provides different functionalities to control analog input/output, counter/timer and digital I/O subsystems of a DAQ device.
4. RAID Recovery for Windows
Source: https://www.runtime.org
RAID Recovery for Windows is used to recover the full content of a broken RAID. It can copy the files and folders over to another disk. It works for NTFS-formatted RAID-0 as well as RAID-5 configurations and supports both hardware RAIDs controlled by the motherboard or a controller card and software RAIDs controlled by Windows (dynamic disk arrays).
5. R-Tools R-Studio
Source: http://www.r-studio.com
R-Tools R-Studio provides the latest data recovery technologies to recover files from NTFS, NTFS5, ReFS, FAT12/16/32, exFAT, HFS/HFS+ (Macintosh) etc. R-Studio combines an advanced RAID reconstruction module and an advanced disk copying/imaging module in a single piece of software, which makes data recovery easier. It works on both local and network disks and provides flexible parameter settings to control data recovery.
6. X-Ways Forensics
Source: http://resources.infosecinstitute.com
X-Ways Forensics is an advanced digital forensics platform, which works on all available versions of Windows.
Features:
- Disk imaging and cloning
- Various data recovery techniques and file carving
- Extracts metadata from various file types
7. F-Response Imager
Source: https://www.f-response.com
The F-Response Imager is a product built to provide simple and fast imaging. It uses all available system resources to provide optimal performance and scaling, and allows efficient multi-thread scheduling for compressing, reading, hashing, and writing data. It supports all other F-Response logical and physical devices, such as F-Response Connector Volumes, DiscoveryShares and MemoryShares.
8. R-Drive Image
Source: http://www.drive-image.com
R-Drive Image is used to create disk image files for backup or duplication purposes. R-Drive Image recovers the images on the original disks, on partitions, and also on a hard drive's free space on the fly. A full disk can be copied to another one.
9. Flash Retriever Forensic Edition
Source: http://www.infinadyne.com
Flash Retriever Forensic Edition is a professional forensic tool used for analyzing, recovering, and documenting flash-based media. It allows complete flash device imaging in raw format. It supports multiple-media.
10. Forensic Replicator
Source: https://www.paraben.com
Forensic Replicator is a Windows-based bit-stream forensic image creation tool. It can create bit-by-bit raw DD images of hard drives, check image integrity with hash calculation, document write blocker usage in the report, view image contents etc. This tool includes built-in software-based write protection to help preserve evidence. Hash verification and reporting are also used to maintain data integrity.
11. MacQuisition
Source: https://www.blackbagtech.com
MacQuisition™ is a three-in-one live data acquisition and forensic imaging product. MacQuisition™ can collect data from more than 185 different Macintosh system models. It avoids a complicated and time-consuming data collection process. It runs on the Mac OS X operating system and collects data from Mac, Xserve, Mac mini, iMac, MacBook, and MacBook Air systems in their own Mac OS X environment.
12. Belkasoft Live RAM Capturer
Source: https://belkasoft.com
Belkasoft Live RAM Capturer is a forensic tool that reliably extracts all the contents of a system's volatile memory. The tool's footprint is minimized as much as possible by using separate 32-bit and 64-bit builds. It is compatible with all versions of Windows including XP, Vista, Windows 7 and 8, 2003 and 2008 Server.
13. Magnet RAM Capture
Source: https://www.magnetforensics.com
Magnet RAM Capture works on both 32-bit and 64-bit Windows systems such as XP, Vista, 7, 8, 10, 2003, 2008 and 2012 and can rapidly extract full physical memory.
14. OSFClone
Source: http://www.osforensics.com
OSFClone is a self-booting tool that can create exact raw disk images. It also supports the open Advanced Forensics Format (AFF) for imaging drives. It creates a forensic image of a disk and preserves unused sectors, file fragmentation, slack space, and undeleted file records of the original hard disk. It also supports the dc3dd format for disk images. To verify that a disk clone is identical to the source drive, OSFClone compares the MD5 or SHA1 hash of the clone and the source drive.
15. FDAS – Fast Disk Acquisition System
Source: http://www.cyanline.com
FDAS stands for Fast Disk Acquisition System. It is a product built by CyanLine. FDAS can copy disk-to-disk directly. The time to copy is equal to the time allowed by the source disk.
16. SMART for Linux
Source: http://www.asrdata.com
SMART is software designed to support forensic examiners and information security personnel in fulfilling their forensic investigation duties and goals.
The features of SMART allow it to be used for:
- On-site or remote preview of a target system
- Post-mortem analysis of a dead system
- Testing and verification of forensic programs
- Conversion of proprietary evidence file formats
17. Paragon Hard Disk Manager 15 Suite
Source: https://www.paragon-software.com
The Paragon Hard Disk Manager 15 Suite is a system and data management tool. It offers dependable backup and flexible recovery functions, optimization tools, options for partitioning etc. It enables full hard disk or a separate partition copy and allows partition resizing while copying.
18. Macrium Reflect Free
Source: http://www.macrium.com
Macrium Reflect Free is a disk cloning and imaging tool. It protects all personal documents, photos, music, mails etc. and also upgrades hard disk. It supports backup to local, network and USB drives and also burning to all DVD formats.
19. DAEMON Tools Pro 7
Source: https://www.daemon-tools.cc
DAEMON Tools Pro is a professional emulation software that works with disc images and virtual drives.
Features:
- It can mount popular types of images from application or Explorer
- It can fetch images from physical discs with advanced parameters
- It creates both Dynamic and Fixed virtual hard disks
- It can create new as well as edit existing Audio CD and Data images
- It can convert, compress and protect image files with password
20. Active@ Disk Image
Source: http://www.disk-image.com
Active@ Disk Image is disk image software that can create an exact copy of any PC disk, such as HDD, SSD, USB, CD, DVD, Blu-ray etc., and store it in a folder. These copies or images can be used for PC upgrades, backups, and disk duplication purposes.
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092